Cyber Security in Q4 2017. Forecast for 2018

In 2017 we witnessed many security breaches and data leakage incidents. News of data theft from Equifax, Verizon and Kmart circulated around the world. The infrastructure of many companies was paralyzed by the Petya, WannaCry and Bad Rabbit attacks. Hackers also used the increasingly popular IoT (Internet of Things) devices to launch massive cyber attacks.

2017 was dominated by ransomware, malware, phishing, network layer attacks, DDoS attacks and botnets. The most common targets of the cyber attacks were companies from the energy, healthcare, retail and manufacturing sectors. The financial sector and state institutions were also threatened.

Number of attacks and countries of origin

In the fourth quarter of 2017 alone, Grey Wizard recorded 167,324,652 incidents. The average number of incidents per day was 1,394,372. Of all security incidents and attacks directed at sites protected by Grey Wizard Shield, 22.04% came from France. The United Kingdom came second among the source countries of the cyber attacks with 20.08%. Increased traffic was also registered from Germany (18.73%), the United States (9.07%) and Poland (7.81%). Other countries with quite high rates of incidents and cybercriminal involvement were the Netherlands (5.12%) and Canada (2.35%). Slovenia recorded 1.60%, Romania 1.53% and Moldova 1.35%. Attacks from other countries made up 10.32%; these are countries with incident and attack activity below 1%, among them Ukraine (0.95%) and Hungary (0.73%).

Duration of attacks

The duration of a cyber attack has a huge impact on the company. The longer the attack, the greater the financial and image damage suffered by the attacked company. Most often, the purpose of cyber attacks is to limit the availability of the website or to steal sensitive data, content and money. According to the data collected by Grey Wizard, brute force attacks lasting less than 30 minutes were the largest group, as much as 52.83%. Next came attacks lasting 1-3 hours, which constituted 28.77% of all incidents. Attacks of 30-60 minutes accounted for 18.40% and attacks of 3-6 hours for 18.87%. However, only 1.42% of the attacks lasted between 12 and 24 hours and over 24 hours. These data show that attacks under 30 minutes are "most popular" on the black market.

- This is due to the low cost of such attacks; it is only a few to several dollars - says Radosław Wesołowski, CEO of Grey Wizard. - Cybercriminals use short but intense attacks to disrupt online services, but at the same time they are aware that even a temporary lack of access to the service can generate huge losses - adds the Grey Wizard expert.

Types of attacks

The Internet has accustomed us to convenience. It is natural for us to shop online, blog, use banking services, make hotel reservations or use e-services of state institutions. The increase in their popularity has resulted in a simultaneous increase in the number of websites and web applications being attacked. According to data collected by Grey Wizard, the most popular type of application attack in Q4 2017 was SQL Injection, which accounted for 40.53% of all attacks. SQL Injection (SQLi) is a cyber-attack method that injects additional procedures into the SQL queries that applications generate and pass on to the database, where they are executed.

Illegal Resource Access, i.e. illegal access to resources, was the second most popular type of incident at 31.89%. These are all illegal activities aimed at accessing private or proprietary sites and trying to view or steal system files. 24.02% of incidents are Security Vulnerability Scanners, i.e. attacks targeting vulnerability scanners for Internet applications. The fewest incidents reported used the Cross Site Scripting (XSS) attack type - 1.31%. An XSS (Cross-site scripting) attack is performed on the browser side. This is an attack on a client of a vulnerable web application. It threatens the application itself and the data on its side.

- Hackers are increasingly taking advantage of security gaps in the application layer - says Radosław Wesołowski, CEO of Grey Wizard. - First, because it stores user data such as personal data, credit card numbers or logins and passwords. Secondly, the application layer supports protocols such as HTTP, SQL, DNS, SNMP, FTP and others. The lack of proper security of these protocols gives hackers the opportunity to use many potential attack methods. Third, attacks targeting the application layer are complex and often difficult to detect. Therefore, in order to effectively protect against such attacks, equally complex and intelligent defence mechanisms should be used - explains Radosław Wesołowski. - The best solution is to have Web Application Firewall protection, which among other things provides 24-hour automatic protection against application attacks, has a low false alarm rate and has the ability to define exceptions - he adds.

Security of CMS systems

In the fourth quarter of 2017, the Grey Wizard Web Application Firewall recorded as many as 266,222 incidents related to flaws in content management systems. - Of the platforms we protected, the greatest attention of the hackers was directed to the WordPress platform. We recorded as many as 261,112 incidents violating the security of stored data, which is 98.1% - says Radosław Wesołowski from Grey Wizard. - The number of attacks on WordPress CMS is due to its high popularity - more than 24% of websites in the world are built on it. The most common reason for security failures is a frequent lack of updates and high vulnerability of any additions to the system - explains the Grey Wizard expert. 1.91% of incidents were reported on the Magento platform, one of the most extensive platforms for large online stores. It supports nearly 10% of all online shops.

Summary and forecasts for 2018

2017 will be remembered as the year of many massive hacking attacks such as Petya, WannaCry or Bad Rabbit. It is also the year in which many data breaches occurred, in particular at Equifax, Verizon and Kmart. In Poland, the security breach at banks and at the Polish Financial Supervision Authority was a high-profile event.

The year 2017 has shown that companies and public institutions face a huge challenge in providing security for companies and sensitive data. Cybercriminals' new techniques and methods of operation make protecting a business more and more difficult, and the risk of a cyber attack increases all the time. In 2018, cyber security will have to further develop and use technology based on artificial intelligence.

- In today's cyber reality, it is hard to imagine a more effective weapon than intelligent machine learning technology. Only with the help of artificial intelligence are we able to effectively protect ourselves against cyber attacks, the so-called attacks of the future - concludes Radosław Wesołowski, CEO of Grey Wizard.

Over the next few years, cyber security specialists will continue to be among the most sought-after experts in the IT industry. By 2020, as many as 15% of the posts related to cyber security will still remain vacant.

Also, the forecasts regarding the costs of cyber attacks are not optimistic. Specialists predict that in 2018 the costs of cyber attacks could reach even 180 billion dollars. This 36-fold increase is a clear signal to companies to implement security procedures and provide additional security for websites against cybercriminals.